What is sct list in SSL certificate?

Question

What is sct list in SSL certificate? I had seen it in Google's SSL certificate. And how to add it in a certificate using openssl?

e712f2b0377e1a62fb8ec90c6184f1ea7b37cb561d11265bf3e0f34bf241546e
‎Wednesday, ‎15 ‎July, ‎2020 5:29:23 PM
SHA256
ECDSA
304602210096c52ed8da6b4d3babfca5fdd1f75837fdd1a7e52eb9921ae5427cc33a9151ba022100e02b680bf63fd773b280c1f10c35de25bc6ba09423f8057819b40e9708a9dbd2

v1
07b75c1be57d68fff1b0c61d2315c7bae6577c5794b76aeebc613a1a69d3a21c
‎Wednesday, ‎15 ‎July, ‎2020 5:29:23 PM
SHA256
ECDSA
30440220412487d8eeda1cd592dcf550fd1d6b924007d91dfa1f10c521d224b2855e08fa0220528761cab1a239ae56d9ff841259f81a8039cfd78e0bb461ab8a496519431743

Answer 1

This is a list of Signed Certificate Timestamps. These are part of certificate transparency, as defined in RFC 6962.

The data contained in a SCT is as follows (using one of yours for an example):

• Log ID: e712f2b0377e1a62fb8ec90c6184f1ea7b37cb561d11265bf3e0f34bf241546e (this happens to be the Let's Encrypt Oak2020 log)
• Issue Date: ‎Wednesday, ‎15 ‎July, ‎2020 5:29:23 PM
• Hash algorithm: SHA256
• Signature algorithm: ECDSA
• Signature data: 304602210096c52ed8da6b4d3babfca5fdd1f75837fdd1a7e52eb9921ae5427cc33a9151ba022100e02b680bf63fd773b280c1f10c35de25bc6ba09423f8057819b40e9708a9dbd2

When a CA issues a certificate, it records the certificate issuance with one or more CT log (publicly run servers that provably record certificate issuance).

The SCT indicates when the issuance occurred, which log it was recorded in, and how to find it (using the signature data). To verify that the information is correct, the client is supposed to verify that the certificate in the log matches the one you are verifying.

This is not something you should include in certificates you issue unless you happen to be running a public certificate authority. Self-signed certificates are not submitted to CT logs.